National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2005-2088 Detail

Current Description

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Source:  MITRE      Last Modified:  07/05/2005      View Analysis Description

Quick Info

CVE Dictionary Entry:
CVE-2005-2088
Original release date:
07/05/2005
Last revised:
10/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
4.3 MEDIUM
Vector:
(AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore:
2.9
Exploitability Subscore:
8.6
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Medium
Authentication:
Not required to exploit
Impact Type:
Allows unauthorized modification

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://docs.info.apple.com/article.html?artnum=302847 External Source APPLE APPLE-SA-2005-11-29
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html External Source TRUSTIX TSLSA-2005-0059
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3 External Source MLIST [apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released
http://seclists.org/lists/bugtraq/2005/Jun/0025.html External Source BUGTRAQ 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
http://securityreason.com/securityalert/604 External Source SREASON 604
http://securitytracker.com/id?1014323 External Source SECTRACK 1014323
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000 External Source SLACKWARE SSA:2005-310-04
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 External Source SUNALERT 102197
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 External Source SUNALERT 102198
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm External Source CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.apache.org/dist/httpd/CHANGES_1.3 External Source CONFIRM http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0 External Source CONFIRM http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.debian.org/security/2005/dsa-803 External Source DEBIAN DSA-803
http://www.debian.org/security/2005/dsa-805 External Source DEBIAN DSA-805
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130 External Source MANDRIVA MDKSA-2005:130
http://www.novell.com/linux/security/advisories/2005_18_sr.html External Source SUSE SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_46_apache.html External Source SUSE SUSE-SA:2005:046
http://www.redhat.com/support/errata/RHSA-2005-582.html External Source REDHAT RHSA-2005:582
http://www.securiteam.com/securityreviews/5GP0220G0U.html Exploit External Source MISC http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.securityfocus.com/archive/1/archive/1/428138/100/0/threaded External Source HP SSRT051251
http://www.securityfocus.com/bid/14106 External Source BID 14106
http://www.securityfocus.com/bid/15647 External Source BID 15647
http://www.ubuntu.com/usn/usn-160-2 External Source UBUNTU USN-160-2
http://www.vupen.com/english/advisories/2005/2140 External Source VUPEN ADV-2005-2140
http://www.vupen.com/english/advisories/2005/2659 External Source VUPEN ADV-2005-2659
http://www.vupen.com/english/advisories/2006/0789 External Source VUPEN ADV-2006-0789
http://www.vupen.com/english/advisories/2006/1018 External Source VUPEN ADV-2006-1018
http://www.vupen.com/english/advisories/2006/4680 External Source VUPEN ADV-2006-4680
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf External Source MISC http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only External Source AIXAPAR PK13959
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only External Source AIXAPAR PK16139
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828 External Source HP HPSBUX02101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452 External Source OVAL oval:org.mitre.oval:def:11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237 External Source OVAL oval:org.mitre.oval:def:1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526 External Source OVAL oval:org.mitre.oval:def:1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629 External Source OVAL oval:org.mitre.oval:def:1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840 External Source OVAL oval:org.mitre.oval:def:840
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html External Source CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html

References to Check Content

Identifier:
oval:org.mitre.oval:def:11452
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11452
Identifier:
oval:org.mitre.oval:def:1237
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1237
Identifier:
oval:org.mitre.oval:def:1526
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1526
Identifier:
oval:org.mitre.oval:def:1629
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1629
Identifier:
oval:org.mitre.oval:def:840
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:840

Technical Details

Vulnerability Type (View All)

Change History 3 change records found - show changes